Login and Logout HaraAccount

Docs version 2

1. Step 1: Create app

- Follow the link https://developers.haravan.com/apps. (If you are not logged in, the system redirects you to sign in at https://accounts.haravan.com, where you can sign in or sign up.)

Create app

- After signing in or signing up successfully, the system shows the list of your applications; click the "Create App" button to create a new application.

- Screen for creating the application

  • Name: application name.
  • Description: application description.
  • Redirect Url: application domain; the system redirects to this URL when starting the application.
    • You need to declare a URL for login.
      • Login URL with the recommended syntax: https://{domain_app}/install/login
    • You need to configure these URLs in your app's configuration file.

- Create success.

+ Some fields need to be saved in the configuration file for later use: App Id, App Secret, Redirect Url.


2. Step 2: Build authorize link

- Build the authorize link to log in to Haravan's system and check the shop and user information.

  • If you have an orgid, add orgid to the request params of the authorize link and request it with the GET method to log in.
  • If you don't have an orgid, just request the authorize link with the GET method to log in.

- After requesting the authorize link, if the user is not already logged in to Haravan, the system requires a login to get the user information; if the user is already logged in, the system skips the login step and uses the existing login information.

2.1 Request

Method: GET
URL: https://accounts.haravan.com/connect/authorize

Request params: response_mode, response_type, scope, client_id, redirect_uri, nonce, orgid

Parameter passing syntax:
https://accounts.haravan.com/connect/authorize?response_mode={response_mode}&response_type={response_type}&scope={scope}&client_id={client_id}&redirect_uri={redirect_uri}&nonce={nonce}&orgid={orgid}

Ex (shown unencoded for readability; the spaces in response_type and scope must be URL-encoded when the link is actually sent):
https://accounts.haravan.com/connect/authorize?response_mode=form_post&response_type=code id_token&scope=openid profile email org userinfo&client_id=0e86d3653f580f07358865a0b6cda6de&redirect_uri=http://localhost:3000/install/login&nonce=asdfasdgd&orgid=1000198788


Property / Required / Description:

1. response_mode (required): form method of the response. Default: 'form_post'.

2. response_type (required): select the fields you want to receive. Default: 'code id_token'.

3. scope (required): scopes required when logging in to the Haravan system. Default: 'openid profile email org userinfo'.

4. client_id (required): the App ID obtained after creating the application in step 1.

5. redirect_uri (required): the URL declared in Redirect Url at step 1, used to log in to the Haravan system.

6. nonce (required): a random string of at least 1 character.

7. orgid (not required):

+ If your account can log in to multiple shops, orgid tells the system which shop you want to log in to.

+ If not given, you will select the shop when you log in.

2.2 Response

- After a successful login, the system redirects to the redirect_uri that you added to the request parameters of the authorize link, using the POST method, along with the code and id_token.

Status 200, response:

{
"code": "c309cc6a97e7da821975d2440645892a95f13ce8e06af81ecffe5ed9db8fe7a3",
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImUyZTFkZDM4ODJkNTE4YTk2OGQ5MWVlYTU3NmQxNzdhIiwidHlwIjoiSldUIn0....Q8I9ezKY6r22exDkqBjXbHHirFFg7HRc33DFRHP0ID6E1XyPsry2zgsyVpP4EVtOs0jl0fEzaLvpKLabFDlqNAwMnnRbPqECazMJ5OTDKGTJsEO9Xj-v-TwqMDWPEwV_Abemj8_deovPCw_3wAxxB3mta1GLqz12iBD7m9jlIWFEzqEvIULhdrQ_isMQwjBaxA2r8oQHqQlxVuUAOPKOgP-mCCUa8kGGAFPtd3dfl4C7EezgNE2xtdjv1ItE4_SCdvaF6-hTMrE5smildtgRp3gGv2_QmgGnU1IV8rPGcT3OyaOtywaaQDBSyGcCkF6OXT30-Ez1guJvllVYJ9AIqg",
"scope": "openid profile email org userinfo",
"session_state": "cE63E1b725ke5g329GmRQLnEydXpuQanSCG_DF8AbKM.15223afbde03d10d258e85b1be797e41"
}

Status 401: Unauthorized

Status 422: {"error": "Unprocessable Entity"}

Status 500: Something went wrong. Please try again later.


3. Step 3: Get information of user

- After a successful login, the application receives the code and id_token.

- Decode the id_token to get the user information: role, orgid and sid of the user.

- Note:

+ You need to save this information for later use.

+ The sid of the user is used to verify the user when they log out (step 6).

Get information of user

4. Step 4: Add more scope when login

- Select the scopes to request permission to edit or read data.

- The scopes are divided into two categories.

- Identify which users can add more scopes when logging in:

  • If the user is an admin, the user can use all scopes.
  • If the user is not an admin, the user can only use the scopes corresponding to the user's role.
  • Note:
    • The role of the user is received when you decode the id_token at step 3.
    • This role can be changed in the seller's settings.

- Note:

  • When choosing a scope, you must add that scope to the authorize link used when logging in.
  • When using a write permission, you must also include the read permission.
  • When only using a read permission, there is no need for the write permission.
  • Ex:
    • com.write_products com.read_products (use both write and read products for the application)
    • com.read_products (only use read products for the application)

- Reference: https://docs.haravan.com/blogs/omni/tutorial-use-scope

5. Step 5: Get access_token from code

- Use the oauth library https://www.npmjs.com/package/oauth to get the access_token.

- After success, you receive a token; save the token for use.

- Note:

You need to have added scopes at step 4 to do this step. If not, move to the next step.

If you take the access_token without adding more scopes, there is nothing you can do with this access_token.

This access_token only exists for 2 hours.

5.1 Demo code to get access_token:

Demo code to get access_token

Property / Required / Description:

1. grant_type (required): type of authorization grant. Default: "authorization_code".

2. callback_url (required): the URL declared in Redirect Url at step 1, used to log in to the Haravan system.

3. client_id (required): the App ID obtained after creating the application in step 1.

4. client_secret (required): the App Secret obtained after creating the application in step 1.

5. code (required): the code received in step 2.

5.2 Response get access_token

Status 200, response:

params: {
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImUyZTFkZDM4ODJkNTE4YTk2OGQ5MWVlYTU3NmQxNzdhIiwidHlwIjoiSldUIn0....P7xXf0ftuiADd5I8v7uQfJk6Xm839z4RFt_Q9RfpMg_MsqIFgnmpJ4lgB2Zcsjw_SwSasEpszXQ2Dwy8-kt0C5YYvAjKPdTk8DNNZidav9FqtM-53rR-DMbyyoDes8-pWed2J_cTFHEhlayf1jYowAsUo6n3snJAwlHdpnRaHVGyFOi56N6Y8eSA84GNrKRPlBpjfhKY8Pk0pmY_0XOfO7aInPt0RPK42sf0gRVWJR2hSksJaOBL5P6pSDq5A_uT2o-YsE8nZ0OASKzE4aQ0Qeqo-Rx9LaJIzwuJKnyVmFSgl2gJHJUVgTZ0slD5fMmtRuZOSFlDibp8J6wtTnb_MQ",
"access_token": "86f6ab839b301903cc6223dbe236aaa874fa5aa882b8d3d121ba91f8ce660f35",
"expires_in": 86400,
"token_type": "Bearer"
}

Status 401: Unauthorized

Status 422: {"error": "Unprocessable Entity"}

Status 500: Something went wrong. Please try again later.

5.3 Use access_token:

- After retrieving the access_token, you can use that token to query data from the API.

- Ex: use the access_token to get the products of the shop with Postman.

Headers :
    Content-Type : application/json
    Authorization : Bearer {access_token}   (the word "Bearer", a space, then the access_token)

Use access_token

6. Step 6: Hook logout:

- When the user logs out of the system, whether from the seller, https://developers.haravan.com/ or https://accounts.haravan.com/, the system sends a request to your application.

Hook logout

- The request is sent to the URL configured in Front Channel Logout URL with the GET method.

- This URL is obtained when you create the app successfully at https://developers.haravan.com.

- This request includes the sid of the logged-out account in the query.

- The sid you receive corresponds to the sid from that user's login.

- Once you have the sid of the logged-out account, use it to query the corresponding user in your database.
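A handler for the logout request described above, as an added Node.js example (not Haravan's own code). Assumed: the app keeps its sessions in an in-memory store keyed by its own session id, each entry recording the sid taken from the verified id_token, and the Front Channel Logout URL path /install/logout is a constructed placeholder.

```javascript
// Added example, not Haravan's own code: handle the step 6 front-channel
// logout (GET with "sid" in the query). Assumed store layout: one entry per
// app session, each holding the sid persisted at step 3.
// Constructed sample store: appSessionId -> { sid, orgid, role }.
const sessions = new Map([
  ['app-sess-1', { sid: 'sid-1', orgid: 1000198788, role: 'admin' }],
  ['app-sess-2', { sid: 'sid-1', orgid: 1000198788, role: 'admin' }], // same login, 2nd tab
  ['app-sess-3', { sid: 'sid-9', orgid: 1000198788, role: 'staff' }],
]);

// Revoke every app session bound to the sid named in the logout request.
// Returns { status, revoked }: the HTTP status to answer with and how many
// sessions were dropped. A well-formed request is always answered 200 so the
// response does not reveal whether the sid was known to the app; a request
// without a usable sid is rejected without touching the store.
function handleFrontChannelLogout(requestUrl, store = sessions) {
  // requestUrl is the path+query as received, e.g. "/install/logout?sid=...".
  const sid = new URL(requestUrl, 'http://localhost').searchParams.get('sid');
  if (!sid || sid.length > 256) return { status: 400, revoked: 0 };
  let revoked = 0;
  for (const [id, sess] of store) {
    if (sess.sid === sid) { store.delete(id); revoked++; } // deleting during Map iteration is safe
  }
  return { status: 200, revoked };
}
```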

7. Step 7: Redirect to logout page of Haravan:

- This URL redirects the user to the Haravan logout page.

- Note: the user will be logged out of all existing accounts on HaraAccount.

Method: REDIRECT
URL: https://accounts.haravan.com/connect/endsession

Redirect to logout page of Haravan